fix integer overflow in wordwrap #1738

Closed
wants to merge 3 commits into from

@insuyun insuyun commented Jan 24, 2016

Since an integer overflow can occur in wordwrap,
the input text length needs to be checked.

This is PoC code which causes a SEGFAULT on 32-bit Ubuntu:

```php
<?php
  $text1 = str_repeat("A", 65536);
  $text2 = str_repeat("B", 65536 - 1);
  $newtext = wordwrap($text1, -1, $text2);
?>
```

```
[ 4835.338030] php[32661]: segfault at 41414149 ip 082f6b6a sp bfd33de0
error 4 in php[8048000+837000]
```

@insuyun changed the title from "fix potential overflow in wordwrap" to "fix integer overflow in wordwrap" on Jan 24, 2016

@jerrygrey jerrygrey commented Jan 24, 2016

Don't you mean Integer overflow *HAS* occurred instead of Integer overflow *IS* occurred?


@insuyun insuyun commented Jan 24, 2016

Sorry for my bad English :)
I fixed an error message.


@php-pulls php-pulls commented Jan 28, 2016

Comment on behalf of yohgaki at php.net:

The fix is committed, but safe alloc is used. Thank you for the PR and report.

@php-pulls php-pulls closed this Jan 28, 2016
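
The size arithmetic behind the report, as an added example that is not PHP's source, the PR's patch, or its safe allocator: an unchecked buffer-size computation next to an overflow-checked one, run on the PoC's lengths. Assumptions: the size formula `text_len * (break_len + 1) + 1` is inferred from the PoC's values, the function names are hypothetical, and `uint32_t` stands in for a 32-bit `size_t` so the wraparound reproduces on a 64-bit host.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for size_t on a 32-bit build (assumption for this example). */
typedef uint32_t size32_t;

/* Unchecked: text_len * (break_len + 1) + 1, evaluated modulo 2^32.
 * The formula itself is an assumption inferred from the PoC's lengths. */
size32_t wrap_size_unchecked(size32_t text_len, size32_t break_len)
{
    return text_len * (break_len + 1u) + 1u;
}

/* Checked: returns false instead of wrapping; *out is set only on success. */
bool wrap_size_checked(size32_t text_len, size32_t break_len, size32_t *out)
{
    if (break_len == UINT32_MAX)
        return false;                    /* break_len + 1 would wrap to 0 */
    size32_t per_char = break_len + 1u;
    /* Require text_len * per_char + 1 <= UINT32_MAX without computing it. */
    if (text_len != 0 && per_char > (UINT32_MAX - 1u) / text_len)
        return false;
    *out = text_len * per_char + 1u;
    return true;
}

int main(void)
{
    /* Lengths taken from the PoC: 65536 "A" bytes, 65535 "B" bytes. */
    size32_t text_len = 65536u, break_len = 65535u, size = 0;

    printf("unchecked size: %u bytes\n",
           (unsigned)wrap_size_unchecked(text_len, break_len));

    if (wrap_size_checked(text_len, break_len, &size))
        printf("checked size: %u bytes\n", (unsigned)size);
    else
        printf("checked: size overflows, request rejected\n");
    return 0;
}
```

With the PoC's lengths the unchecked product is exactly 2^32, so the computed size wraps to 1 byte while the output needs gigabytes; the checked form refuses the request before any allocation happens.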

@insuyun insuyun commented Jan 28, 2016

Thank you.
